Marking the 10-Year Anniversary of the First XACML Interoperability Demo

It’s hard to believe, but it’s already been 10 years since I had the honor to host the first ever XACML interoperability demonstration at Burton Group’s Catalyst conference in June of 2007. We had a long tradition of hosting interoperability demonstrations, but they were typically associated with single sign-on and federation protocols, such as SAML, multi-federation protocols, a user-centric interoperability demonstration, and even SPML. However for this event, the focus was on access control and the Extensible Access Control Markup Language.

The “wayback” machine, fortunately, captured some posts about the event. For example, we put out a call to action in February that year to line up vendor participation:

Leading up to the event, I posted this 2 weeks before Catalyst:

OASIS has an excellent recap here: https://www.oasis-open.org/news/pr/eight-companies-demonstrate-interoperability-of-xacml-oasis-standard-at-catalyst-conference. Anil Saldanha (@anilsaldhana) also wrote up a short summary of the event and was wise enough to capture  Hal Lockhart interviewing the participants. You can find the blog post and a link to the podcast here: http://anil-identity.blogspot.com/2007/06/oasis-xacml-interoperability-event-at.html

XACML remains an important interoperability standard for Axiomatics, as we use it in a number of integrations with third party products. In version 3.0 of XACML, new profiles have been added recently that further enhance interoperability between different implementations of XACML. I am referring to the profiles for REST and JSON support, which are additive to the core specification.

Questions? Comments? Leave a comment below.

To learn more about XACML, please visit our Resources section.

Other Blogs

3 keys to re-evaluate your authorization management
Business
On May 27, I had the pleasure to join the KuppingerCole KCLive event with several industry peers in a panel discussion about  “Enabling the Future...
How OAuth is related to Attribute Based Access Control
Tech
What is Authorization? Authorization, also referred to as Access Control, is the process that follows authentication (which checks your identity and ensures that you are...
Modern Enterprise Authorization Management System
Business
Gartner has an interesting article titled “Modernize Your Runtime Authorization” that highlights some aspects you need from a modern enterprise authorization systems. Over the years...